Assure is currently helping organisations across the world to become and remain ISO 27001 certified. It’s one of the leading ISO 27001 Compliance Softwares on the market. It was developed to operate in a host of organisationsand a range of industries.

Cloud Based Threat Data

Once you’ve tried it, you won’t be able to live without it!

With a range of cutting edge features, tools and information, InfoSaaS Assure will help you effortlessly administer your ISMS compliance and ISO 27001 certification across your business.

DASHBOARD

SYSTEM PARAMETERS

ASSET MANAGEMENT

ASSET DEPENDENCIES

RISK ASSESSMENTS

SoA

SECURITY INCIDENTS

ISMS CALENDAR

DOCUMENT MANAGEMENT

DASHBOARD

The InfoSaaS dashboard provides at a glance, key management information about the status and performance of the information security management system. It achieves this by combining important metrics about assets, risk assessments, security incidents and documentation status to provide system-wide visibility of an organisation’s information security health.

SYSTEM PARAMETERS

InfoSaaS is fully configurable so that it operates in accordance with an organisation’s specific information security needs. Amongst a number of user-defined system parameters are a range of acceptable risk metrics, default review periods for asset risk assessments and documentation, options for recording supporting evidence against security controls and workflow management for authorising security-related documentation.

ASSET MANAGEMENT

Assets can be created (and subsequently assessed) using one of the generic templates provided within InfoSaaS, or using a customised asset template created by the user. The status of assets, including their type, ownership and the date of their last risk assessment can be clearly seen from the searchable Asset Dashboard.

ASSET DEPENDENCIES

The InfoSaaS methodology recognises that assets may rely upon other assets for their overall security: InfoSaaS users are encouraged to identify and record “parent” and “child” relationships. These can be seen within the asset dependencies chart, and provides a useful and timely messaging service advising upstream and downstream asset owners of notifications of expired risk assessments, security incidents etc.

RISK ASSESSMENTS

Each asset is subject to a detailed risk assessment. This requires the asset owner to determine the probability of a range of vulnerabilities being exploited by applicable threats, and assesses the likely impact on the asset if they were actually exploited. They then progress to select and record the security controls which are in place to support their assessments, after which InfoSaaS calculates whether the risks are acceptable to the organisation.

SoA

The ISO27001 information security standard requires that the selection and use of security controls to protect assets is recorded in a “Statement of Applicability”. Traditionally this is an extensive and time consuming manual activity, InfoSaaS has been designed to prepare and update this key document automatically each time an individual risk assessment is completed.

SECURITY INCIDENTS

Should an asset within InfoSaaS be identified as having been compromised in some way, or even a potential breach is suspected, it is important that this is recorded promptly, so that the appropriate asset owner(s) can investigate and take remedial action without delay, InfoSaaS includes an integrated security incident module which manages and tracks the progress of security incidents from initial reporting, through investigation and remedial actions to final closure.

ISMS CALENDAR

Many activities within an information security management system are time dependent, so the InfoSaaS calendar keeps track of forthcoming and completed risk assessment activities, security incidents and document management tasks. Additionally, users can add their own “ISMS Events” which may include security training sessions, internal and external audit activities, management reviews etc, so that important activities are never overlooked.

DOCUMENT MANAGEMENT

InfoSaaS incorporates a document management module, which allows organisations to upload and manage their own documentation, or alternatively record hyperlinks to their documentation if hosted elsewhere. The system allows for various documentation approval workflows, and integration with the InfoSaaS calendar means that future document reviews are visible well in advance of the required review date.

Pricing

Basic

Single user licenceNo up front costs
No minimum contract
Cloud based access
Basic support